CVE-2015-6526

kernel: perf on ppc64 can loop forever getting userlevel stacktraces

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.

Vulnerabilidad en la función perf_callchain_user_64 en arch/powerpc/perf/callchain.c en el kernel de Linux en versiones anteriores a 4.0.2 sobre plataformas ppc64, permite a usuarios locales causar una denegación de servicio (bucle infinito) a través de una traza inversa profunda en el espacio de usuario de 64-bit.

A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system by creating a special stack layout that would force the perf_callchain_user_64() function into an infinite loop.

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-08-20 CVE Reserved
2015-08-31 CVE Published
2024-08-06 CVE Updated
2025-06-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CAPEC

References (11)

URL	Tag	Source
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3	X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/08/18/4	Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	X_refsource_confirm
http://www.securityfocus.com/bid/76401	Vdb Entry
http://www.securitytracker.com/id/1033728	Vdb Entry
https://github.com/torvalds/linux/commit/9a5cbce421a283e6aea3c4007f141735bf9da8c3	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.ubuntu.com/usn/USN-2759-1	2016-12-08
http://www.ubuntu.com/usn/USN-2760-1	2016-12-08
https://bugzilla.redhat.com/show_bug.cgi?id=1218454	2015-11-19
https://access.redhat.com/security/cve/CVE-2015-6526	2015-11-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 4.0.1 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.0.1"		-		Affected